[GitHub] [tomee-release-tools] rzo1 opened a new pull request #1: TOMEE-3805 - Generate list of CVEs for release notes

Thu, 28 Oct 2021 00:56:49 -0700 


rzo1 opened a new pull request #1:
URL: https://github.com/apache/tomee-release-tools/pull/1


   # What does the PR do?
   
   - Adds an additional `CVE` section to the generated release notes.
   - Issues labeld with `cve` (or `CVE`, `cVe`, etc.) are added to the end of 
the release-notes section.
   
   ## Sample Output for 8.0.9
   
   ```
   = Apache TomEE 8.0.9 Release Notes
   :index-group: Release Notes
   :jbake-type: page
   :jbake-status: published
   
   == Dependency upgrade
   
   [.compact]
    - link:https://issues.apache.org/jira/browse/TOMEE-3789[TOMEE-3789] 
ActiveMQ 5.16.3
    - link:https://issues.apache.org/jira/browse/TOMEE-3810[TOMEE-3810] 
Geronimo Java Mail 1.6 1.0.1
    - link:https://issues.apache.org/jira/browse/TOMEE-3809[TOMEE-3809] Johnzon 
1.2.15
    - link:https://issues.apache.org/jira/browse/TOMEE-3799[TOMEE-3799] Tomcat 
9.0.53
    - link:https://issues.apache.org/jira/browse/TOMEE-3806[TOMEE-3806] Tomcat 
9.0.54
    - link:https://issues.apache.org/jira/browse/TOMEE-3793[TOMEE-3793] xbean 
4.20
   
   == Bug
   
   [.compact]
    - link:https://issues.apache.org/jira/browse/TOMEE-3791[TOMEE-3791] Ajax 
JSF not provided in 8.0.8 builds
    - link:https://issues.apache.org/jira/browse/TOMEE-3792[TOMEE-3792] Missing 
Public key in KEYS for Tomee
    - link:https://issues.apache.org/jira/browse/TOMEE-3794[TOMEE-3794] 
javaVersion() in org.apache.openejb.arquillian.common.Setup breaks for version 
strings with length lower than 3
    - link:https://issues.apache.org/jira/browse/TOMEE-3795[TOMEE-3795] Proxy 
class definition does not work in Java 17+
    - link:https://issues.apache.org/jira/browse/TOMEE-3796[TOMEE-3796] 
myfaces-api-2.3.9.jar is modified.
    - link:https://issues.apache.org/jira/browse/TOMEE-3803[TOMEE-3803] 
RES_NOT_FOUND in Plume 8.0.8 JSF 2.3
    - link:https://issues.apache.org/jira/browse/TOMEE-3798[TOMEE-3798] TomEE 
(8.0.8) is affected by CVE-2021-40690 vulnerability
   
   == Sub-task
   
   [.compact]
    - link:https://issues.apache.org/jira/browse/TOMEE-3682[TOMEE-3682] Update 
example 'simple-mdb-and-cdi' to use Server/API Bom
    - link:https://issues.apache.org/jira/browse/TOMEE-3683[TOMEE-3683] Update 
example 'simple-mdb-with-descriptor' to use Server/API Bom
    - link:https://issues.apache.org/jira/browse/TOMEE-3684[TOMEE-3684] Update 
example 'simple-mdb' to use Server/API Bom
    - link:https://issues.apache.org/jira/browse/TOMEE-3596[TOMEE-3596] Update 
example 'injection-of-connectionfactory' to use Server/API Bom
    - link:https://issues.apache.org/jira/browse/TOMEE-3652[TOMEE-3652] Update 
example 'quartz-app' to use Server/API Bom
   
   == Fixed Common Vulnerabilities and Exposures (CVEs)
   
   [.compact]
    - link:https://issues.apache.org/jira/browse/TOMEE-3798[TOMEE-3798] TomEE 
(8.0.8) is affected by CVE-2021-40690 vulnerability
   
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to